-rw-r--r--hosts/p-body/default.nix51
-rw-r--r--modules/server/default.nix60
2 files changed, 64 insertions, 47 deletions
diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index 7988bfb..c303882 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -11,40 +11,14 @@
hercules-ci-agent.nixosModules.agent-service
];
- base = {
- enable = true;
- documentation.enable = false;
- defaultPackages.enable = false;
- };
+ server.enable = true;
environment.systemPackages = with pkgs; [
- cachix
hercules-ci-agent.packages.x86_64-linux.hercules-ci-cli
];
- nixos = {
- enable = true;
- networking.enable = false;
- };
-
- networking = {
- hostName = "p-body";
- firewall = let
- ports = [80 420];
- in {
- allowedUDPPorts = ports;
- allowedTCPPorts = ports;
- };
- };
-
- programs = {
- git.enable = true;
- vim.defaultEditor = true;
- };
-
- security = {
- pam.enableSSHAgentAuth = true;
- };
+ networking.hostName = "p-body";
+ nix.settings.trusted-users = ["p-body"];
services = {
#caddy = {
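Review bot: `nix.settings.trusted-users = ["p-body"];` stays on the host without any comment, and an account in trusted-users can instruct the Nix daemon to use arbitrary substituters and accept unsigned paths, which is effectively root-equivalent. If the entry exists only for the CI agent or remote deploys (not visible in this hunk), a comment such as `# trusted for <reason>; treat this account as root-equivalent` would record that intent. Now that the firewall and sshd settings live in the shared module, this is the one privilege grant left in the host file, so it is worth making the reason explicit. The enclosing attribute set starts and ends outside the hunk.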
@@ -118,11 +92,7 @@
# };
#};
- endlessh = {
- enable = true;
- port = 22;
- openFirewall = true;
- };
+ hercules-ci-agent.enable = true;
guzzle-api = {
enable = true;
@@ -130,14 +100,6 @@
port = "80";
package = guzzle_api.packages.x86_64-linux.guzzle-api-server;
};
-
- hercules-ci-agent.enable = true;
-
- openssh = {
- enable = true;
- passwordAuthentication = false;
- ports = [420];
- };
};
swapDevices = [
@@ -163,10 +125,5 @@
};
};
- nix = {
- gc.options = "--delete-older-than 7d --max-freed 50G";
- settings.trusted-users = ["p-body"];
- };
-
zramSwap.enable = true;
}
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..7fb1e76
--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.server;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.server.enable = mkEnableOption "enable server configuration";
+
+ config = mkIf cfg.enable {
+ base = {
+ enable = true;
+ documentation.enable = mkDefault false;
+ defaultPackages.enable = mkDefault false;
+ };
+
+ environment.systemPackages = [pkgs.cachix];
+
+ nixos = {
+ enable = true;
+ networking.enable = false;
+ };
+
+ networking = {
+ firewall = let
+ ports = [80 420];
+ in {
+ allowedUDPPorts = ports;
+ allowedTCPPorts = ports;
+ };
+ };
+
+ nix.gc.options = "--delete-older-than 7d --max-freed 50G";
+
+ programs = {
+ git.enable = true;
+ vim.defaultEditor = true;
+ };
+
+ security = {
+ pam.enableSSHAgentAuth = true;
+ };
+
+ services = {
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
+
+ openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ ports = [420];
+ };
+ };
+ };
+}
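Review bot: The `networking.firewall` block in the new module opens ports 80 and 420 for both TCP and UDP on every host that sets `server.enable`. Port 80 belongs to the guzzle-api service configured in hosts/p-body, not to the shared module, and sshd on 420 listens on TCP only, so the UDP entries expose nothing useful. I would reduce the module to `allowedTCPPorts = [420];`, drop `allowedUDPPorts`, and put `networking.firewall.allowedTCPPorts = [80];` in the p-body host file next to the service that needs it. Since the firewall port lists merge across modules, a host can still add its own ports without overriding the module.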